Taming Reflection: An Essential Step Toward Whole-program Analysis of Android Apps

Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls, which they usually ignore. As a result, their security analysis results, e.g., for private data leaks, are incomplete, given the measures taken by malware writers to elude static detection. We propose a new instrumentation-based approach to address this issue in a non-invasive way. Specifically, we introduce to the community a prototype tool called DroidRA, which reduces the resolution of reflective calls to a composite constant propagation problem and then leverages the COAL solver to infer the values of reflection targets. It then automatically instruments the app to replace reflective calls with their corresponding Java calls in a traditional paradigm. Our approach augments an app so that it can be statically analyzed more effectively, including by static analyzers that are not reflection-aware.
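The rewrite described above, shown on a small case. This is an added example, not code from DroidRA or the paper; the class and method names (ReflectionBoosting, DeviceInfo, getId, sink) are hypothetical, and it uses plain Java rather than the Android SDK so that it runs anywhere.

```java
import java.lang.reflect.Method;

// Added illustration; every class and method name here is hypothetical.
public class ReflectionBoosting {

    // Stand-in for an API whose return value an analyzer treats as sensitive.
    public static class DeviceInfo {
        public String getId() { return "constructed-device-id"; }
    }

    // Stand-in for a sink that a data-leak analysis would track.
    static String sink(String value) { return "sent:" + value; }

    // Before: the target class and method exist only as strings assembled
    // from constants, so a call-graph builder that ignores reflection sees
    // no edge from before() to DeviceInfo.getId() and misses the flow.
    static String before() throws Exception {
        String cls = "ReflectionBoosting$" + "DeviceInfo";
        String name = "get" + "Id";
        Class<?> c = Class.forName(cls);
        Object target = c.getDeclaredConstructor().newInstance();
        Method m = c.getMethod(name);
        return sink((String) m.invoke(target));
    }

    // After: once constant propagation has resolved cls and name, the same
    // behaviour is expressed as ordinary calls that any analyzer can follow.
    static String after() {
        DeviceInfo target = new DeviceInfo();
        return sink(target.getId());
    }

    public static void main(String[] args) throws Exception {
        String a = before();
        String b = after();
        // The rewrite must preserve behaviour: both paths reach the sink
        // with the same value.
        if (!a.equals(b)) throw new AssertionError("rewrite changed behaviour");
        System.out.println(a);
    }
}
```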

Paper

Sun, X., Li, L., Bissyande, T., Klein, J., Octeau, D., Grundy, J. Taming Reflection: An Essential Step Toward Whole-program Analysis of Android Apps. ACM Journal. July 2021.

Tool

MobileSE/DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps

Project Team

Dr Xiaoyu Sun, Prof John Grundy, Prof Li Li

Taming reflection diagram